So I finished doing the buffer overflow stuff twice. I feel like it's kind of important and I tried different payloads and stuff. I want to know it well, both for Linux and Windows. Damn, Linux has some cool debugging tools I had no idea of. Why would somebody ever pay for a program when we have, anno 2012, such an amazing open source library? ;-) Support? Bah, if you're IT-minded you shouldn't have any problems these days. I do understand for small non-IT-minded companies. But for the big corporations, I know how they work, and have worked with them myself for many years; they can put the right people on it and fix the problems themselves. I guess they still think: "Nobody got fired for buying IBM..."

Ok guys... back to OSCP !

This is it, I'm two-thirds into the course and this is basically the first time I explicitly read in the manual (not exact words, but it's how I interpret them):

"Go scan IPs in your range in the lab and try to hack them using exploits you just learned to find and use"

!!!!!!!

Let's gooooo!!! Who needs sleep? I SLEEP WHEN I'M DEAD!!!

(Probably will have to use their 'TRY HARDER' mantra from now on in the coming 9000 days or so :-)

Last edited by sternone on Wed Aug 22, 2012 11:45 pm, edited 1 time in total.

I tried a server first, but I gave up after getting halfway on it. Only did a little, then I just said, let me try some other servers. Then on the second one I buffer overflowed it. I LOVE BUFFER OVERFLOWS!!! They are freaking cool.

I can't say if it was low hanging fruit since I only rooted 1 yet.

Played on that server for 2 hours, now going to take a quick nap :-)

Last edited by sternone on Thu Aug 23, 2012 3:21 am, edited 1 time in total.

Hehe, I know the feeling you had, since I recently started to play around with buffer overflows on the IO challenges of smackthestack.org.

My biggest problem was understanding how to find the return address in gdb. By now it is going smoothly and I am a bit dumbstruck that I did not understand this a few years ago. Also learned to abuse SETUID programs and to use an egg + environment variable to exploit programs. Very nice!

Anyway, I will book the OSCP as soon as I am back from my Bangkok trip. Decided to skip OSWP and eCPPT. OSCP is just awesome.

Metasploit is pretty powerful and can facilitate delivering a BoF exploit, but I don't think it's capable of actually finding it in an application. But give HD Moore time... I'm sure he'll come up with a way eventually.